> I have a bind9 named running on the 4.x stable branch, and have noticed
> that it seems to be sending udp packets to 127.0.0.2:52 about once
> every 10 seconds or so (ipfw is denying and logging the traffic).
> Google has not shed any light on the subject.

127.0.0.2 is often returned by RBLs, when an address is blocked
(a.k.a. listed as spam source):

  http://www.spamhaus.org/sbl/howtouse.html
  http://www.mail-abuse.org/rbl/usage.html

Quoth the previous URL (mail-abuse.org):

"The theory of operation is simple. Given a host address in its
dotted-quad form, reverse the octets and check for the existence of an
``A RR'' at that node under the blackholes.mail-abuse.org node. So if
you get an SMTP session from [192.5.5.1] you would check for the
existence of:

  1.5.5.192.blackholes.mail-abuse.org. IN A 127.0.0.2

We chose to use an ``A RR'' because that's what Sendmail makes easy to
do. The choice of [127.0.0.2] as the target address was arbitrary but
will not change. As it happens, we supply a bogus MAPS RBL(SM) entry for
[127.0.0.2] so that mail transport developers have something to test
against.

If an ``A RR'' is found by this mechanism, then there will also be a
``TXT RR'' at the same DNS node. The text of this record will be
suitable for use as a reason text for a bounced mail notification.
Currently the text is constant and currently there is no way to use it
from Sendmail, but there it is anyway."

Perhaps you have a mail filter installed, which queries one of those
RBLs, and then tries to do a reverse DNS lookup for 127.0.0.2?

> I've grepped all through /etc/, and have found no references to
> 127.0.0.2, and I certainly don't remember configuring anything (ever)
> with that particular address.
>
> What could be the cause of this mysterious bind behavior?

See above.

--
Cordula's Web. http://www.cordula.ws/
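
Added example, not part of the original message and not taken from any mail filter: it builds the RBL query name the way the mail-abuse.org text describes, and shows which PTR name a filter would ask for if it went on to reverse-resolve the 127.0.0.2 answer. The function names, the stub resolver, the 127.0.0.0/8 check and the unlisted address 192.0.2.10 are assumptions made for illustration.

```python
import ipaddress

LISTING_NET = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Reverse the dotted-quad octets and append the blocklist zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on anything but IPv4
    octets = str(addr).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".") + "."

def check_listing(ip, zone, resolve_a):
    """resolve_a(name) returns a list of A-record strings, [] if none exist."""
    name = dnsbl_query_name(ip, zone)
    answers = [ipaddress.IPv4Address(a) for a in resolve_a(name)]
    # Assumption added here: only answers inside 127.0.0.0/8 count as a
    # listing, so a wildcarding or hijacked resolver does not block mail.
    codes = [a for a in answers if a in LISTING_NET]
    return {
        "query": name,
        "listed": bool(codes),
        "codes": [str(a) for a in codes],
        # Names a filter would ask for if it reverse-resolved the answer
        # itself, which is the lookup the reply suspects.
        "ptr_if_reversed": [a.reverse_pointer + "." for a in codes],
    }

# Constructed zone data: the one record quoted from mail-abuse.org above.
CONSTRUCTED_ZONE = {"1.5.5.192.blackholes.mail-abuse.org.": ["127.0.0.2"]}

def stub_resolver(name):
    """Offline stand-in for a real A-record lookup (hypothetical helper)."""
    return CONSTRUCTED_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.5.5.1", "192.0.2.10"):
        print(check_listing(ip, "blackholes.mail-abuse.org", stub_resolver))
```

To use it against a live resolver, pass a function that performs a real A lookup in place of stub_resolver; a name appearing in ptr_if_reversed in named's query log would point at the filter as the source of the lookups.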